Patches

Pull Requests

History

How to diagnose OpenSSL errors:
Look at the error message:
error:1408F10B:SSL routines:func(143):reason(267)
Take the reason code (267) and determine the error:
grep 267 /usr/include/openssl/ssl.h
/usr/include/openssl/ssl.h:#define SSL_R_WRONG_VERSION_NUMBER 267
Now google for SSL_R_WRONG_VERSION_NUMBER
Read the first hit:
http://www.mail-archive.com/openssl-dev@openssl.org/msg02770.html
"
Many of SSL clients sends the first CLIENT HELLO with
ssl2 format (0x80.....) because they don't know what
version the server supports.
In this first message, the client sends the version
he wants to use (3 for SSL3), then the other exchanged
messages are in the appropriate format SSL3 for V3,
SSL2 for V2 etc....
So in your server method configuration you must put:
SSL_CTX *ctx = SSL_CTX_new (SSLv23_server_method())
to correctely analyse the first client_hello message
instead of
SSL_CTX *ctx = SSL_CTX_new (SSLv3_server_method())
which i suppose you did.
"
Conclusion: the rrp-server uses SSLv3_server_method and therefore needs to be fixed to use SSLv23 instead.

On reflection, it might be a tad difficult to force rrp server to change, so I've added sslv2:// and sslv3:// transports to CVS; grab the next snapshot (5.0 or HEAD) and use fsockopen("sslv3://...") instead.